Apple this week started rolling out iOS 16 with several security and privacy improvements meant to keep users protected from malware, state-sponsored attackers, and abusive spouses.
The first of these features is Lockdown Mode, a capability designed to keep users protected from state-sponsored mercenary spyware.
Detailed in July, Lockdown Mode works by essentially shutting down certain device functionality to reduce the attack surface and prevent attackers from exploiting potential vulnerabilities.
Meant as an extreme form of protection for a very small number of users targeted by governments, Lockdown Mode covers messages, browsing, invitations and service requests, wired connections to computers, and mobile device management (MDM).
Lockdown Mode is Apple’s response to zero-day attacks seeking to deploy high-end surveillance tools, but the company has also rolled out protections for a far simpler form of snooping, in the form of Safety Check.
Devised in collaboration with the National Network to End Domestic Violence, the National Center for Victims of Crime, and Australian Women’s Services Network, the capability can help iOS users who are in abusive relationships keep their life private.
Essentially, Safety Check shows users who has access to their messages, location, apps, and more, and provides them with an emergency button to reset permissions for all apps, sign out from all devices, and sever unwanted access to private information.
iOS 16 also arrives with Passkey, which improves users’ online protection in Safari by replacing passwords with passkeys that rely on biometric verification and can be synced across all types of Apple devices.
Apple announced support for passwordless sign-ins earlier this year, when, together with Google and Microsoft, it pledged to adopt FIDO’s passkey, a credential that is stored on the phone and will be needed for signing in on websites that have adopted passkeys.
To keep users protected from cyberattacks that exploit zero-days or newly identified vulnerabilities, Apple has introduced rapid security response, which ensures that patches are delivered to users as soon as Apple releases them, without users having to install a full software update.
With rapid security response, Apple can deliver emergency fixes whenever needed, without requiring user interaction.
iOS 16 also prevents applications from viewing the device’s clipboard, which should improve both privacy and security by preventing unauthorized access to sensitive information such as passwords.
The new platform release also includes patches for a dozen vulnerabilities, including a kernel flaw (CVE-2022-32917) already exploited in attacks targeting macOS Big Sur users.
Source: SecurityWeek By: Ionut Arghire